Bearer Token Authentication
All API requests must include an API key in the Authorization header:
curl https://app.alert24.io/api/v1/incidents \
-H "Authorization: Bearer ak_live_YOUR_KEY_HERE"
Creating API Keys
- Open your Alert24 dashboard
- Go to Settings → API Keys
- Click Create API Key
- Give it a name (e.g. "CI/CD Pipeline")
- Select the scopes you need
- Optionally set an expiration date
- Click Create and copy the key immediately
The full key is only shown once. If you lose it, revoke the old key and create a new one.
Key Format
API keys follow this format:
ak_live_A1b2C3d4E5f6G7h8J9k0L1m2N3o4P5q6
ak_live_prefix identifies it as an Alert24 API key- Followed by 32 random base62 characters
- Keys are hashed (SHA-256) before storage — Alert24 never stores your raw key
Scopes
Each API key has one or more scopes that determine what it can do:
| Scope | Permissions |
|---|---|
read |
List and view all resources (incidents, services, monitoring checks, status pages) |
write |
Create, update, and delete resources. Includes all read permissions. |
Choose the minimum scope your integration needs. A dashboard that only displays data needs read. A CI/CD pipeline that creates incidents needs write.
Key Management
- Revoke a key instantly from Settings → API Keys. Revoked keys stop working immediately.
- Expiration — Set an optional expiration date when creating a key. Expired keys return
401. - Rotation — Create a new key, update your integration, then revoke the old one.
- Each key is scoped to a single organization. You'll need separate keys for separate organizations.
Error Responses
| Status | Type | When |
|---|---|---|
401 |
authentication_error |
Missing, invalid, expired, or revoked API key |
403 |
authorization_error |
API key lacks the required scope |
{
"error": {
"type": "authentication_error",
"message": "Invalid or missing API key. Provide a valid Bearer token.",
"status": 401
}
}